Risks of Insecure Systems - PowerPoint PPT Presentation

Provided by: garyp5

Transcript and Presenter's Notes


1
Unit 6
  • Risks of Insecure Systems

2
What is risk, in the context of electronic
commerce?
  • The possibility of
  • _________________________________
  • destruction, generation, or use of data or
    programs that physically, mentally, or
    financially harms another party
  • _________________________________.

3
Consumer Exposures
  • Most Commonly Mentioned?
  • Least Commonly Incurred?
  • Impact of Consumer Perceptions?

4
Consumer Exposures
  • Transmitted Data
  • _____________________
  • Stored Data and Cookies
  • Name, Address, Demographic Info, SS Number
  • Surveillance of ______________________
  • Double Click
  • RealNetworks
  • __________________________
  • Malicious Web Sites

5
Commercial Exposures
  • Resources
  • ________________ Resources
  • Email Services
  • _______________________
  • General Hardware Resources
  • ________________ Productivity
  • Inappropriate Internet Browsing
  • _________________________

6
Commercial Exposures
  • Information
  • _____________________
  • CD Universe
  • Employee Data
  • Operational

7
Commercial Exposures
  • Revenue
  • _____________________________
  • Customers and Business Partners
  • _____________________________
  • Ricochet.net
  • Damage Reputations
  • RT66

8
Sources of Threats and Risk
  • Internal
  • ______________________ Acts
  • Unauthorized Access to Data and Systems
  • Abuse of Authorized Privileges
  • Financial Fraud
  • ______________________ Acts
  • ______________ Use of Email and Internet
  • Careless Programming or System Design

9
Sources of Threats and Risk
  • External
  • Threats from external sources are growing at a
    dramatic rate.

10
Sources of Threats and Risk
  • External
  • Motivating Factors
  • CD Universe
  • Political Statement
  • Federal Government Websites
  • Denial of Service Attacks
  • Harmless Pranks
  • University of Georgia

11
Electronic Commerce Threats
  • Viruses
  • Transmitted by Email and Disks without
    _________________
  • ________________________________
  • Perform Acts of Nuisance or Destruction
  • Commonly Associated with __________

12
Electronic Commerce Threats
  • Melissa Virus
  • Transmitted by unrequested Email
  • "Here is that document you asked for ... don't show
    anyone else ;-)"
  • Released by opening attached Word Document
  • Alter Macro Security Settings
  • Send duplicate email to the first 50 addresses
    located in Outlook address book.
  • Alter ________________________________

13
Electronic Commerce Threats
  • Trojan Horses
  • Enter under the guise of ________________ Files
    or Programs
  • Received in Email or Downloaded from Malicious
    Websites
  • _________________ Key Strokes
  • Peruse Stored Data
  • _________________ Sensitive Data without Consent

14
Electronic Commerce Threats
  • Email Spoofing
  • Email sent through the _______ of another user.
  • Easily Accomplished
  • Hostile Content
  • Requests for Private Information
  • Result in _____________________________

15
Electronic Commerce Threats
  • Social Engineering
  • Abuse the ____________________ of employees.
  • Facilitated by Email or phone messages
  • Perpetrator poses as a ____________________
  • Requests for passwords or other private
    information
  • Gains unauthorized access to network resources or
    applications
  • America Online

16
Electronic Commerce Threats
  • Denial of Service Attacks
  • Render Networks or Servers Useless.
  • Targets are flooded by large amounts of
    _____________________________________
  • Traffic overload shuts down service
  • Networks are not _______________________ rather
    they are blocked.
  • Results in lost _________________________

17
Electronic Commerce Threats
  • Denial of Service Attacks
  • Common Methods
  • SYN Attacks
  • Flooding the Server with connection requests
  • Flooding the Server with Data
  • Facilitated by _________________________

18
Electronic Commerce Threats
  • Password Cracking
  • Susceptible Passwords
  • Insecurely Transmitted Passwords
  • Cookies
  • EBAY

19
Electronic Commerce Threats
  • System Manipulation
  • CGI Scripts
  • Programs that execute commands between web
    servers and ___________ business applications
  • Facilitate _____________________________
  • Can be manipulated for malicious purposes

Diagram: WEB Server, CGI Scripts, Back-End Systems
20
Electronic Commerce Threats
  • Active Content
  • ActiveX, Java Applets, JavaScript
  • Programs embedded in websites that allow users to
    ________________________________.
  • ________________ downloaded to the user's machine
  • ________________element for thriving EC
    Applications
  • Malicious capabilities

21
Electronic Commerce Threats
  • Malicious Websites
  • Seek out sensitive information or files
  • Lures visitors with by
  • Exploit _______________ capabilities of WEB.
  • Malicious programs are transmitted under the
    guise of a legitimate program or transaction.
  • Man in the Middle Attacks

22
Implications for the Accounting Profession -
Intranet Internal Controls
  • The accounting firm must know its client's
  • exact number of intranets and servers
  • the data and processing methods contained on each
    intranet
  • intranets (which ones) contain data and
    processing methods within the domain of the audit
    engagement
  • the configuration and inter-networking
    infrastructure and
  • security methods employed and assess them.

23
Implications for the Accounting Profession -
Internet Internal Controls
  • The accounting firm must know its client's
  • exact number of Internet entry points
  • location of firewalls and their exact
    configuration
  • location of other security devices and their
    exact configurations or procedures
  • the network configuration of any internal systems
    that are linked to gateway servers and
  • data access methods for data linked to gateway
    servers.

24
Electronic Commerce Threats
  • Old-Fashioned Fraud
  • Pyramid Schemes, Fraudulent Products, Risk-Free
    Investment Schemes
  • Difficult to Limit

25
Cookies
  • Cookies were originally designed with good
    intentions - to allow a server computer to
    offload some of the data storing duties to the
    client computer.
  • Many firms, however, have used this device for
    gathering marketing data and to track users'
    visits.

26
Diagram: cookie tracking across a marketing firm's network
  • User Surfing the Web (Client), with cookie.txt
  • Web Site in Marketing Firm's Network Visited (Host)
  • Marketing Firm
  • Initial visit: visit a site
  • Load web page with a tag linked to a marketing firm's site and
    assign a cookie ID for own web site
  • Link established from tag loaded by web site visited
  • Cookie assigned; specifically targeted advertisements appear on
    web site being visited
  • Mega Database profiling web surfers visiting all networked web
    sites
27
Diagram: SYN attack between Sender and Receiver (Target of Attack)
  • Step 1: SYN messages
  • Ports are half-open; memory buffers are filled
  • Step 2: SYN/ACK
  • Meanwhile, ports become clogged and memory buffers fill up
  • Step 3: ACK packet code should be sent, but is intentionally not
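
From the receiver's side, the half-open state described in this slide shows up as sockets stuck in SYN-RECV. The following is an added example, not part of the original presentation: it scans a socket table in the column layout of `ss -tan` and flags listening ports where half-open connections dominate. The sample table, the function name `half_open_report` and both thresholds are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan` (not real capture data).
SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN    0      128    0.0.0.0:80         0.0.0.0:*
ESTAB     0      0      192.0.2.10:80      198.51.100.7:51514
SYN-RECV  0      0      192.0.2.10:80      203.0.113.5:40001
SYN-RECV  0      0      192.0.2.10:80      203.0.113.77:40002
SYN-RECV  0      0      192.0.2.10:80      203.0.113.140:40003
SYN-RECV  0      0      192.0.2.10:80      203.0.113.201:40004
SYN-RECV  0      0      192.0.2.10:443     198.51.100.9:52000
ESTAB     0      0      192.0.2.10:443     198.51.100.23:52311
"""


def half_open_report(table, min_half_open=3, ratio=0.5):
    """Return one alert per local port where SYN-RECV sockets dominate.

    min_half_open and ratio are illustrative thresholds (assumptions);
    tune them against the normal baseline of the server being watched.
    """
    half_open, established = Counter(), Counter()
    sources = {}
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        port = int(local.rsplit(":", 1)[1])
        if state == "SYN-RECV":                  # SYN seen, final ACK never arrived
            half_open[port] += 1
            sources.setdefault(port, set()).add(peer.rsplit(":", 1)[0])
        elif state == "ESTAB":                   # handshake completed normally
            established[port] += 1
    alerts = []
    for port, n in sorted(half_open.items()):
        total = n + established[port]
        if n >= min_half_open and n / total >= ratio:
            alerts.append({"port": port, "half_open": n,
                           "established": established[port],
                           "distinct_sources": len(sources[port])})
    return alerts


if __name__ == "__main__":
    for alert in half_open_report(SAMPLE):
        print(alert)
```

A single stray SYN-RECV entry, as on port 443 in the sample, is normal during any handshake; the signal is a sustained count that outweighs completed connections.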